Juan Wajnerman edited this page Sep 3, 2014 · 1 revision
- Create an Elastic IP and assign it to your instance
  - Select Elastic IPs from Network and Security in your AWS Console
  - Create a new IP
  - Assign it to your instance
- Open up port 80 and allow ICMP requests for pinging your instance
  - Select Security Groups from Network and Security
  - Select All ICMP then press Add Rule
  - Select HTTP then press Add Rule
  - Select HTTPS then press Add Rule
- Test things out by pinging your IP, e.g. ping your_elastic_ip
Enable the Apache ssl and headers modules
# sudo a2enmod ssl
# sudo a2enmod headers
Create an RSA key and enter a passphrase
# openssl genrsa -des3 -out nuntium.key 2048
Create another key without a passphrase (enter the passphrase from step 1 when prompted)
# openssl rsa -in nuntium.key -out nuntium.key.insecure
Shuffle the key names (the insecure key is now named nuntium.key)
# mv nuntium.key nuntium.key.secure
# mv nuntium.key.insecure nuntium.key
Generate the CSR (and follow the prompts)
# openssl req -new -key nuntium.key -out nuntium.csr
Submit nuntium.csr to a certificate authority such as http://www.startssl.com, then copy the resulting certificate and key
# sudo cp nuntium.crt /etc/ssl/certs
# sudo cp nuntium.key /etc/ssl/private
Be sure to also copy the SSLCertificateChainFile and SSLCACertificateFile (e.g. http://www.startssl.com/?app=21)
# sudo cp ssl_certificate_chain_file.pem /etc/ssl/certs
# sudo cp ssl_ca_certificate_file.pem /etc/ssl/certs
Change the ownership and permissions so only root can read the files
# sudo chown root:root /etc/ssl/certs/nuntium.crt && sudo chmod 400 /etc/ssl/certs/nuntium.crt
# sudo chown root:root /etc/ssl/private/nuntium.key && sudo chmod 400 /etc/ssl/private/nuntium.key
# sudo chown root:root /etc/ssl/certs/ssl_ca_certificate_file.pem && sudo chmod 400 /etc/ssl/certs/ssl_ca_certificate_file.pem
# sudo chown root:root /etc/ssl/certs/ssl_certificate_chain_file.pem && sudo chmod 400 /etc/ssl/certs/ssl_certificate_chain_file.pem
Finally add the virtual host configuration to /etc/apache2/sites-enabled/nuntium.conf
<VirtualHost *:443>
  ServerName your_elastic_ip_or_dns

  SSLEngine on
  # Certificate and key copied into /etc/ssl in the steps above
  SSLCertificateFile /etc/ssl/certs/nuntium.crt
  SSLCertificateKeyFile /etc/ssl/private/nuntium.key
  SSLCertificateChainFile /etc/ssl/certs/ssl_certificate_chain_file.pem
  SSLCACertificateFile /etc/ssl/certs/ssl_ca_certificate_file.pem

  DocumentRoot /home/ubuntu/nuntium/public
  PassengerSpawnMethod conservative
  <Directory /home/ubuntu/nuntium/public>
    AllowOverride all
    Options -MultiViews
  </Directory>

  # Tell the application behind Passenger that the request arrived over HTTPS
  RequestHeader set X_FORWARDED_PROTO 'https'
</VirtualHost>
And restart Apache
# sudo service apache2 restart
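A check to run before the restart, added here as an example (it is not part of the original wiki page): it confirms that the key Apache will load has no passphrase, that the certificate was issued for that key, and that the key is mode 400. The function names are hypothetical, and it assumes `openssl` and GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: checks on the key and certificate installed in the steps above.
# Function names are hypothetical; file paths are passed as arguments.

# Succeeds if the PEM private key is stored without a passphrase.
# Covers both the traditional header (Proc-Type: 4,ENCRYPTED) and PKCS#8.
key_is_unencrypted() {
    ! grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if the certificate carries the public key derived from the private key.
# "-passin pass:" supplies an empty passphrase so an encrypted key fails fast
# instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if only the owner can read the key (mode 400, as set with chmod above).
key_mode_is_400() {
    [ "$(stat -c '%a' "$1")" = "400" ]   # GNU stat syntax
}

# Runs all three checks, prints each failure, returns the number of failures.
check_tls_files() {
    key=$1 crt=$2 fails=0
    key_is_unencrypted "$key" || { echo "FAIL: $key is passphrase-protected"; fails=$((fails + 1)); }
    key_matches_cert "$key" "$crt" || { echo "FAIL: $crt does not match $key"; fails=$((fails + 1)); }
    key_mode_is_400 "$key" || { echo "FAIL: $key is not mode 400"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage with the paths from this page (run as root, since the key is root-only):
#   check_tls_files /etc/ssl/private/nuntium.key /etc/ssl/certs/nuntium.crt
```

A mismatch between key and certificate usually means the CSR was generated from a different key than the one copied to /etc/ssl/private.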